On Compositional Compiler Correctness and Fully Abstract Compilation

Fully abstract compilation has long been understood to be useful for building secure compilers, but most verified compilers are not fully abstract. Meanwhile, much recent work in the verified-compilers community has gone into building compilers that can link with code not produced by the same compiler. This is an important area of progress, because real software is made up of components written in different languages and compiled by different compilers. But a key challenge is how to formally state the compiler correctness theorem so that it supports linking with target code of arbitrary provenance. Recent results state their correct-component-compilation theorems in remarkably different ways, with pros and cons that are not well understood. Worse, to check whether these theorems are sensible, reviewers must understand a massive amount of formalism. Further complicating things, compilers have multiple passes, so results about single passes need to be lifted to multi-pass compilers, which often requires non-trivial work.

In this talk, we will survey recent results and present a generic compositional compiler correctness (CCC) theorem that we argue is the desired theorem for any compositionally correct compiler. Specific compiler-verification efforts can use their choice of formalism ``under the hood'' and then show that their theorems imply CCC. Using this theorem, we will show how fully abstract compilation relates to compositional compiler correctness, and argue that even researchers uninterested in secure compilation would benefit from building fully abstract compilers, because full abstraction makes multi-pass compilers easier to compose.
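The abstract uses ``fully abstract'' without stating what it means. The following is the standard definition, added here as an editorial illustration rather than taken from the talk; the notation ($S$, $T$, $\llbracket\cdot\rrbracket$, $\approx_{ctx}$) is the editor's choice and the talk's own formalism may differ.

Let $\llbracket \cdot \rrbracket : S \to T$ be a compiler from source components to target components. In a language $L$, two components are contextually equivalent, written $p_1 \approx^{L}_{ctx} p_2$, when no context of $L$ can tell them apart:

$$ p_1 \approx^{L}_{ctx} p_2 \quad\text{iff}\quad \forall C \in \mathrm{Ctx}_L.\ \ \mathrm{beh}(C[p_1]) = \mathrm{beh}(C[p_2]) $$

where $\mathrm{beh}$ is the observable behaviour of a whole program (for instance whether it terminates). The compiler is fully abstract when it both preserves and reflects this relation:

$$ \forall s_1, s_2 \in S.\quad s_1 \approx^{S}_{ctx} s_2 \iff \llbracket s_1 \rrbracket \approx^{T}_{ctx} \llbracket s_2 \rrbracket $$

The $\Rightarrow$ direction (equivalence preservation) is the security half: a target context, which is exactly ``target code of arbitrary provenance'' linked against the compiled component, can distinguish $\llbracket s_1 \rrbracket$ from $\llbracket s_2 \rrbracket$ only if some source context could already distinguish $s_1$ from $s_2$. A compiler that leaks a private field into readable memory violates it, since a target context can read that field even though no source context can. The $\Leftarrow$ direction (equivalence reflection) is the easy half and follows from whole-program correctness, provided the compiler also maps source contexts to target contexts. Note the caveat: full abstraction on its own says nothing about whether a single component's behaviour is preserved; that is what a compositional correctness theorem states, and the two properties are complementary rather than one implying the other.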